Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bad Image Error and PUM.Diabled.SecurityCenter Keeps Returning


  • Please log in to reply

#1
skipperscruise

skipperscruise

    Member

  • Member
  • PipPip
  • 48 posts
Thank you for looking into this.

I received for the first time the Bad Image Error when trying to start a progam. However, after reboot all works fine for a couple of hours and then the bad image error starts up again. When running Maiwarebytes it found was PUM.Diabled.SecurityCenter for Microsoft security center firewall and returned again.

Here's the OTL log.

Thanks again.

OTL logfile created on: 7/4/2012 11:00:12 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 387.77 Mb Available Physical Memory | 37.89% Memory free
12.53 Gb Paging File | 11.97 Gb Available in Paging File | 95.51% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 9.93 Gb Free Space | 29.05% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.02 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.75 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 70.45 Gb Free Space | 30.25% Space Free | Partition Type: NTFS

Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 22:07:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.com
PRC - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 08:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/02/10 23:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/02/08 18:32:28 | 001,369,376 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/01/10 12:35:18 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE


========== Modules (No Company Name) ==========

MOD - [2012/07/04 17:03:37 | 001,781,248 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12070401\algo.dll
MOD - [2012/06/14 09:48:52 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 09:47:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 08:43:49 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:43:36 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 08:41:39 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:39:17 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:33:03 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/18 19:33:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 19:33:27 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/18 19:33:26 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/18 19:30:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/18 19:30:31 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/18 19:01:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/18 18:58:34 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/18 18:58:17 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/18 18:50:53 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/18 18:50:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/18 18:50:40 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/18 18:50:18 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/18 18:50:03 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/18 18:49:55 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/05/20 05:18:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
MOD - [2004/11/17 12:18:22 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\Core Center\RushTop.dll
MOD - [2002/01/10 12:35:20 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2002/01/10 12:35:14 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll
MOD - [2001/07/31 21:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2012/06/28 08:52:42 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/06/28 08:52:42 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/06/28 08:52:37 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/06/28 08:52:37 | 000,097,352 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/06/28 08:52:37 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/06/28 08:52:36 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/06/28 08:52:36 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/10 06:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/16 09:27:00 | 000,023,744 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 17:32:16 | 000,006,272 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{05157127-2C10-401A-BB4E-FE4B15FB1799}: "URL" = https://duckduckgo.c...q={searchTerms}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)



========== Chrome ==========


O1 HOSTS File: ([2012/07/04 18:57:50 | 000,442,420 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15223 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Autobackup.lnk = C:\Program Files\KRtech\ERUNTgui\autoRun.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 22:07:56 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.com
[2012/06/29 11:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Ecco Bella
[2012/06/17 23:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/05 12:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Clients
[2011/06/21 14:30:01 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Matt\gotomypc_540.exe

========== Files - Modified Within 30 Days ==========

[2012/07/04 22:55:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 22:21:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 22:21:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/04 18:57:50 | 000,442,420 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/04 18:57:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/07/04 14:29:42 | 000,442,047 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120704-185750.backup
[2012/07/04 09:41:20 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/07/03 22:22:52 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/03 22:22:52 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/07/03 17:35:27 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/07/03 10:25:44 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/07/03 10:12:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/07/03 07:17:30 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/07/02 22:07:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.com
[2012/07/01 19:22:58 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/07/01 15:37:12 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/01 15:28:23 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/28 21:02:29 | 000,001,687 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/06/28 08:52:42 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/06/28 08:52:42 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/06/28 08:52:37 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/06/28 08:52:37 | 000,097,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/06/28 08:52:37 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/06/28 08:52:37 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/06/28 08:52:36 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/06/28 08:52:36 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/06/28 08:52:20 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/06/28 08:51:49 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/27 17:16:13 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/20 23:35:24 | 000,148,898 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet UWM.pdf
[2012/06/20 23:02:00 | 000,314,173 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet FPF.pdf
[2012/06/18 16:38:31 | 000,284,745 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet CMG.pdf
[2012/06/18 16:11:15 | 000,204,396 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Ratesheet Livewell.pdf
[2012/06/18 13:38:00 | 000,014,840 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Virtual Application.pdf
[2012/06/14 08:45:40 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 08:41:54 | 000,503,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 08:41:54 | 000,088,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 08:30:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/11 18:36:30 | 000,624,477 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet Carrington Mortgage Services.pdf
[2012/06/11 18:34:07 | 000,097,429 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet American Capital Broker Network.pdf
[2012/06/11 18:32:07 | 000,277,855 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet American Financial Resources.pdf
[2012/06/06 19:17:43 | 000,160,437 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Matt FL ING Claim Form.pdf
[2012/06/06 14:23:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/06 10:11:26 | 000,001,292 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Clients.lnk

========== Files Created - No Company Name ==========

[2012/06/20 23:35:24 | 000,148,898 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet UWM.pdf
[2012/06/20 23:02:00 | 000,314,173 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet FPF.pdf
[2012/06/18 16:38:31 | 000,284,745 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet CMG.pdf
[2012/06/18 16:11:15 | 000,204,396 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Ratesheet Livewell.pdf
[2012/06/18 13:38:00 | 000,014,840 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Virtual Application.pdf
[2012/06/11 18:36:30 | 000,624,477 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet Carrington Mortgage Services.pdf
[2012/06/11 18:34:07 | 000,097,429 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet American Capital Broker Network.pdf
[2012/06/11 18:32:07 | 000,277,855 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Rate Sheet American Financial Resources.pdf
[2012/06/06 19:17:43 | 000,160,437 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Matt FL ING Claim Form.pdf
[2012/06/06 10:08:51 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Clients.lnk
[2012/05/31 15:50:14 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Matt\g2mdlhlpx.exe
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpofazubijaxesa.dat
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/15 14:38:18 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/07 00:12:44 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/13 14:11:48 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2009/05/23 23:12:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/13 11:26:22 | 000,006,557 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\PrimoPDFSet.xml
[2008/04/27 09:52:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\PUTTY.RND
[2007/01/07 20:43:12 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/13 18:01:18 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\Matt\.fotki-uploader300-settings.xml
[2006/01/13 17:59:03 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Matt\.lastFolder
[2005/07/01 23:56:08 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/19 15:24:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/03/19 13:25:56 | 022,806,528 | -H-- | C] () -- C:\Documents and Settings\Matt\NTUSER.bak

========== LOP Check ==========

[2012/06/12 06:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Epson
[2012/07/04 22:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/18 21:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/25 16:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2012/05/28 01:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/07/04 22:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2012/05/19 09:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Oracle
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/07/03 10:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/07/04 22:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/07/04 22:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D

< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP